Nonprofits: Adopt a Board Confidentiality Policy

03.30.18 | Linda J. Rosenthal, JD

There are certain types of formal written corporate policies that nonprofit organizations are well-advised to adopt and follow rigorously. Examples include a Conflict of Interest Policy and a Whistleblower Policy – two of the items that IRS revenue agents will ask to see during an audit.
There are other categories that are useful and recommended if they apply in the particular circumstances; for instance, an advisory board policy or a social media policy.
A third category is helpful as an educational device; that is, to spell out and remind people associated with the organization of duties and obligations. One such document is a board confidentiality policy.

The Duty of Confidentiality

Members of a nonprofit board of directors have a fiduciary duty to keep private certain information learned in the course of board service. The legal obligation exists even in the absence of an express confidentiality policy written up and formally adopted.
Each state adopts its own specific corporations-code language spelling out the legal obligations of nonprofit corporate directors but, around the United States, the general standard follows a long-standing, common-law tradition: the twin duties of care and loyalty.
The description in the California Nonprofit Public Benefit Corporation Law is a bit longer; nevertheless, it boils down to these well-established fiduciary concepts:

5231(a) A director shall perform the duties of a director, including duties as a member of any committee of the board upon which the director may serve, in good faith, in a manner that director believes to be in the best interests of the corporation and with such care, including reasonable inquiry, as an ordinarily prudent person in a like position would use under similar circumstances.

A duty of confidentiality is inherent in this standard:

Like their for-profit counterparts, board members of a non-profit corporation are in a fiduciary relationship with the corporation [and must] act honestly and in good faith….The obligation has many components, including a duty to avoid conflicts of interest and a duty to avoid abusing their position to gain personal benefit. One component of board members’ fiduciary obligation is a duty to maintain the confidentiality of information that they acquire by virtue of their position.

Developing a Confidentiality Policy

A breach of confidentiality can happen for a variety of reasons. During board service, members sometimes have access to personal information or sensitive material concerning fellow board members, donors and supporters, the membership of the organization generally, and charitable beneficiaries. This may come up in discussions involving health, employment, or finances of certain people, or in consideration of potential conflicts of interest.
While a board member’s general awareness of fiduciary responsibilities would – in a perfect world – be enough to prevent problems, there are several good reasons for taking the time and effort to create and adopt a separate, written policy document.
Considering an issue well in advance of the development of a problem is always a good idea. Many nonprofit boards give their attention to crafting a confidentiality policy only after a crisis occurs. When that happens, the board must manage a dangerous and delicate situation in the heat of the moment and without a reliable guide to follow. This type of event can also create a sense of urgency to draft a hasty and possibly incomplete or ineffective policy for the future.
A confidentiality policy in place well ahead of time has multiple benefits: It educates the directors about their obligations and creates a clear standard of conduct.

Elements of a Confidentiality Policy

While, in a pinch, a short-form document may be useful – see for example samples suggested by the National Council of Nonprofits – this is the type of policy that should be thoughtfully developed with help from counsel. Each organization has unique features which should be addressed.
In crafting a written policy document, consider and include these items:

  • Identify the reasons a board confidentiality policy in your organization is needed or can be helpful.
  • List who the policy will cover. It may be advisable to cover not only board members, but also (in whole or in part) certain staff, committee members who are not on the board, and advisory board members.
  • Explicitly state and define the directors’ (and others’) duty of confidentiality.
  • Define what constitutes confidential information. Since nonprofits vary substantially in their missions, activities, and structures, this content should be custom designed.
  • Specify which matters are not confidential, especially in terms of applicable open-meeting laws.
  • State whether audio or video recordings are or are not allowed.
  • Clarify if, and how, a board member can obtain written authorization to release confidential information.
  • Explain the consequences of unauthorized disclosures.


Once the confidentiality policy is drafted, the board must formally approve it. It should be written into the bylaws and included in all board member handbooks. It should also be discussed as part of any new board member orientation, and the new director should sign a statement indicating the policy has been read and understood.
Fiduciary duties are the basic responsibilities of board members. It’s more likely that directors will meet their duties when there is a formal written policy or policies explaining them clearly.


For Purpose Law Group